GhostLocker Analysis

IOB - Indicator of Behavior (51)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 38
it: 4
ru: 2
pl: 2
ja: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Activities

Interest

Product

SourceCodester Library Management System: 4
Secureideas base: 4
Arabportal Arab Portal: 2
LogicBoard CMS: 2
SourceCodester Purchase Order Management System: 2

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Vulnerabilities

# | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE
1 | SourceCodester Simple and Beautiful Shopping Cart System delete_user_query.php sql injection | 7.2 | 7.0 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.00134 | 0.08 | CVE-2023-1940
2 | SourceCodester Loan Management System Users Page deleteUser.php delete_user sql injection | 5.5 | 5.4 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.00061 | 0.00 | CVE-2023-6312
3 | SourceCodester Clinics Patient Management System update_user.php sql injection | 7.1 | 6.9 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.00113 | 0.04 | CVE-2023-1035
4 | Microsoft Windows cmd.exe privileges management | 7.3 | 6.6 | $50k-$100k | $2k-$5k | Proof-of-Concept | Not Defined | 0.00000 | 0.05 |
5 | MantisBT Private Project wiki.php information disclosure | 4.3 | 4.2 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00053 | 0.04 | CVE-2023-44394
6 | SourceCodester Library Management System bookdetails.php sql injection | 8.0 | 7.9 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00172 | 0.04 | CVE-2022-36711
7 | Basti2web Book Panel books.php sql injection | 7.3 | 7.0 | $2k-$5k | $0-$1k | High | Official Fix | 0.00064 | 0.05 | CVE-2009-4889
8 | SourceCodester Library Management System bookdetails.php sql injection | 8.0 | 7.9 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.00172 | 0.00 | CVE-2022-36708
9 | SourceCodester Library Management System bookdetails.php sql injection | 7.1 | 6.9 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.00322 | 0.20 | CVE-2022-2214
10 | Secureideas base base_local_rules.php Remote Code Execution | 7.3 | 6.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Official Fix | 0.01060 | 0.00 | CVE-2009-4592
11 | Secureideas base base_qry_main.php sql injection | 7.3 | 6.9 | $2k-$5k | $0-$1k | Proof-of-Concept | Not Defined | 0.00064 | 0.04 | CVE-2012-1017
12 | Secureideas Basic Analysis And Security Engine base_qry_main.php cross site scripting | 4.3 | 3.9 | $1k-$2k | $0-$1k | Proof-of-Concept | Official Fix | 0.00256 | 0.00 | CVE-2007-6156
13 | Kevin Johnson Basic Analysis/Security Engine base_qry_common.php code injection | 4.8 | 4.6 | $2k-$5k | $0-$1k | High | Official Fix | 0.95265 | 0.00 | CVE-2006-2685
14 | Yii Framework Exception Error ErrorHandler.php information disclosure | 6.4 | 6.1 | $1k-$2k | $0-$1k | Not Defined | Official Fix | 0.00246 | 0.05 | CVE-2018-6010
15 | 74cms ajax_street.php sql injection | 6.3 | 6.1 | $1k-$2k | $0-$1k | Not Defined | Not Defined | 0.16376 | 0.04 | CVE-2020-22208
16 | plusPHP Short URL Multi-User Script plus.php code injection | 9.8 | 8.6 | $2k-$5k | $0-$1k | Proof-of-Concept | Unavailable | 0.05842 | 0.00 | CVE-2008-2480
17 | DeDeCMS qrcode.php cross site scripting | 5.2 | 5.2 | $0-$1k | $0-$1k | Not Defined | Not Defined | 0.00069 | 0.06 | CVE-2018-18578
18 | Microsoft Exchange Server Outlook Web Access logon.aspx server-side request forgery | 7.9 | 7.9 | $10k-$25k | $25k-$50k | Not Defined | Not Defined | 0.00379 | 0.00 | CVE-2018-16793
19 | SourceCodester Purchase Order Management System GET Parameter view_details.php sql injection | 7.5 | 7.3 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.03176 | 0.05 | CVE-2023-2130
20 | Surya2Developer Online Shopping System POST Parameter login.php sql injection | 7.3 | 6.9 | $1k-$2k | $0-$1k | Proof-of-Concept | Not Defined | 0.00045 | 0.28 | CVE-2024-1971

IOC - Indicator of Compromise (2)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence
1 | 41.216.183.31 | | GhostLocker | | 01/30/2024 | verified | High
2 | XX.XXX.XX.XXX | xxxxxxxx.xxxxxx-xx-xxxxxx.xx | Xxxxxxxxxxx | | 04/19/2024 | verified | High

TTP - Tactics, Techniques, Procedures (9)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (68)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

ID | Class | Indicator | Type | Confidence
1 | File | /admin/suppliers/view_details.php | predictive | High
2 | File | /admin/users.php | predictive | High
3 | File | /application/websocket/controller/Setting.php | predictive | High
4 | File | /forum/away.php | predictive | High
5 | File | /librarian/bookdetails.php | predictive | High
6 | File | /member/chat.php | predictive | High
7 | File | /owa/auth/logon.aspx | predictive | High
8 | File | /reviewer/system/system/admins/manage/users/user-update.php | predictive | High
9 | File | /staff/bookdetails.php | predictive | High

References (3)

The following list contains external sources which discuss the actor and the associated activities:
